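# Session-based login/logout and the authenticated CMS pages.
#
# Every action except +login+, +index+ and +get_user+ runs the +logged_in?+
# filter first, which redirects to the login form when no user is signed in.
class UserCmsController < ApplicationController

  before_filter :logged_in?, :except=>['login', 'index', 'get_user']

  # Checks the submitted codename/password pair against the users table and
  # signs the user in on a match.
  #
  # Reads params[:codename] and params[:password]. Redirects to +posts+ on
  # success and back to +login+ on failure.
  def get_user
    # Coerce to strings: a missing field would make hexdigest raise, and a
    # nested array/hash parameter would change the shape of the bound value.
    codename = params[:codename].to_s
    # NOTE(review): the stored credential is an unsalted SHA-1 digest. Moving
    # to a salted, slow password hash (e.g. bcrypt) needs a data migration, so
    # it is flagged here rather than changed.
    password = Digest::SHA1.hexdigest(params[:password].to_s)
    # Bind parameters keep request data out of the SQL text; the previous
    # string interpolation let a crafted codename rewrite the WHERE clause.
    @user = User.find_by_sql(
      ["SELECT * FROM users WHERE codename = ? AND password = ?", codename, password]
    ).first
    if @user.blank?
      redirect_to :action=>'login'
    else
      # Start from a fresh session so a session id issued before
      # authentication is not carried over into the logged-in state.
      reset_session
      session[:user_id] = @user.id
      redirect_to :action=>'posts'
    end
  end

  # before_filter: loads the signed-in user into @current_user, or redirects
  # to the login form (which halts the filter chain) when there is none.
  def logged_in?
    # find_by_id returns nil for a stale id (e.g. the account was deleted)
    # instead of raising ActiveRecord::RecordNotFound as User.find would.
    @current_user = User.find_by_id(session[:user_id]) if session[:user_id]
    return if @current_user

    session[:user_id] = nil
    redirect_to :action=>'login'
  end

  # The controller root has no page of its own; send visitors to the login form.
  def index
    redirect_to :action=>'login'
  end

  # Renders the login form, backed by an unsaved User.
  def login
    @user = User.new
  end

  # Renders the posts view (authenticated).
  def posts
  end

  # Renders the new-blog form, backed by an unsaved Blog (authenticated).
  def new_blog
    @blog = Blog.new
  end

  # Signs the user out and returns to the login form.
  def logout
    # Drop the whole session, not just the user id, so nothing tied to the
    # authenticated state survives logout.
    reset_session
    redirect_to :action=>'login'
  end

end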
